{"uuid": "954f750a-c8e7-4ddd-a1ff-ddc334d92a48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34721", "type": "published-proof-of-concept", "source": "https://t.me/AnonCyberWarrior/61", "content": "#Threat_Research\nWormable Windows IKE Vulnerability (CVE-2022-34721)\nhttps://blog.78researchlab.com/9ed22cda-216f-434a-b063-ed78aafa4a7a\n\n#tools\n#Blue_Team_Techniques\n1. The Memory Process File System\nhttps://github.com/ufrisk/MemProcFS\n2. ProcMemScan - diagnostic tool to investigate remote process\nhttps://github.com/daem0nc0re/TangledWinExec/tree/main/ProcMemScan\n\n#Red_Team_Tactics\n1. Bypassing FileBlockExecutable in Sysmon 14.0: A Lesson In Analyzing Assumptions\nhttps://www.huntandhackett.com/blog/bypassing-sysmon\n2. Windows 11 Shift F10 Bypass and Autopilot privilege escalation\nhttps://k4m1ll0.com/ShiftF10Bypass-and-privesc.html\n\n#Malware_analysis\n1. Agenda Ransomware\nhttps://www.trendmicro.com/en_us/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html\n2. FARGO Ransomware (Mallox)\nhttps://asec.ahnlab.com/en/39152\n\n#Offensive_security\nSacrificing Suspended Processes\nhttps://www.optiv.com/insights/source-zero/blog/sacrificing-suspended-processes\n-> payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods:\nhttps://github.com/optiv/Freeze\n\n#Red_Team_Tactics\n1. Car Hacking - Manual Bypass of Modern Rolling Code Implementations\nhttps://labs.jumpsec.com/car-hacking-manual-bypass-of-modern-rolling-code-implementations\n2. How To Attack Admin Panels Successfully\nhttps://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c\n\n#tools\n#Offensive_security\nMerlin - cross-platform post-exploitation HTTP/2 Command & Control server/agent (Go)\nhttps://github.com/Ne0nd0g/merlin\n\n#Malware_analysis\nErbium InfoStealer: Characteristics and Origins\nhttps://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer\n\n#Offensive_security\nAttacking Encrypted HTTP Communications\nhttps://www.pentestpartners.com/security-blog/attacking-encrypted-http-communications\n\n#Threat_Research\n1. Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment\nhttps://antman1p-30185.medium.com/jumping-over-the-gate-da555c075208\n2. Detecting STEEP#MAVERICK: New Covert Attack Campaign\nhttps://www.securonix.com/blog/detecting-steepmaverick-new-covert-attack-campaign-targeting-military-contractors\n\nPosted by: @ZeemiBhai", "creation_timestamp": "2022-12-01T06:26:37.000000Z"}